<?php
include("loadconfig.php");



if(!isset($_REQUEST["action"]))
	die("No action defined");

switch($_REQUEST["action"]){
	case "user_list":
		echo getUsers();
		break;
	case "get_user":
		echo getUser($_REQUEST);
		break;
	case "user_add":
		createNewUser($_REQUEST);
		break;
	case "user_edit":
		editUser($_REQUEST);
		break;
	case "profile_edit":
		editProfile($_REQUEST);
		break;
	case "user_delete":
		deleteUser($_REQUEST);
		break;
	case "phase_list":
		echo getPhases();
	break;
	case "phase_add":
		createNewPhase($_REQUEST);
	case "phase_edit_name":
		editPhaseName($_REQUEST);
	case "phase_delete":
		deletePhase($_REQUEST);
	break;
	default:
		break;
}


function getUsers($pattern=""){
	$query="SELECT * FROM user WHERE email LIKE '%$pattern%' OR first_name LIKE '%$pattern%' OR last_name LIKE '%$pattern%' ";
	$result=executeQuery($query);
	$outp = "[";
	while($rs = $result->fetch_array(MYSQLI_ASSOC)) {
		if ($outp != "[") {$outp .= ",";}
		$outp .= '{"id":"'  . $rs["id"] . '",';
		$outp .= '"first_name":"'  . $rs["first_name"] . '",';
		$outp .= '"last_name":"'   . $rs["last_name"]        . '",';
		$outp .= '"role":"'   . $rs["role_id"]        . '",';
		$outp .= '"email":"'. $rs["email"]     . '"}';
	}
	$outp .="]";
	return $outp;
}

function getPhases(){
	$query="SELECT * FROM phase order by id";
	$result=executeQuery($query);
	$outp = "[";
	while($rs = $result->fetch_array(MYSQLI_ASSOC)) {
		if ($outp != "[") {$outp .= ",";}
		$outp .= '{"id":"'  . $rs["id"] . '",';
		$outp .= '"phase_name":"'. $rs["name"] . '"}';
	}
	$outp .="]";
	return $outp;
}

function createNewPhase($data){
	$name = $data["phase_name"];
	$query="INSERT INTO phase (name) VALUES ('$name')";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
}

function createNewUser($data){
	$userFirstName = $data["userFirstName"];
	$userLastName = $data["userLastName"];
	$userEmail = $data["userEmail"];
	$userAdmin = ($data["userAdmin"]=='true')?1:0;
	$generatedPassword=generatePassword();
	$query="INSERT INTO user (first_name, last_name, email,password,role_id) VALUES ('$userFirstName', '$userLastName', '$userEmail','".encrypt($generatedPassword)."',$userAdmin)";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
	notifyNewUser($userFirstName,$userLastName,$userEmail,$generatedPassword);
}

function deleteUser($data){
	$userId=$data["id"];
	$query="DELETE FROM user WHERE id='$userId'";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
}

function deletePhase($data){
	$phaseId=$data["id"];
	$query="SELECT * from ticket_phase WHERE phase_id='$phaseId'";
	$result=executeQuery($query);
	if($result){
		return "error_message:". getLocalText("ui_error_can_not_delete_phase") ;
	}
	$query="DELETE FROM phase WHERE id='$phaseId'";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
}

function getUser($data){
	$id=$data["id"];
	$query="SELECT * FROM user WHERE id = '$id'";
	$result=executeQuery($query);
	$outp = "[";
	while($rs = $result->fetch_array(MYSQLI_ASSOC)) {
		if ($outp != "[") {$outp .= ",";}
		$outp .= '{"id":"'  . $rs["id"] . '",';
		$outp .= '"first_name":"'  . $rs["first_name"] . '",';
		$outp .= '"last_name":"'   . $rs["last_name"]        . '",';
		$outp .= '"role":"'   . $rs["role_id"]        . '",';
		$outp .= '"email":"'. $rs["email"]     . '"}';
	}
	$outp .="]";
	return $outp;
}

function editUser($data){
	$id=$data["id"];
	$userFirstName = $data["userEditFirstName"];
	$userLastName = $data["userEditLastName"];
	$userEmail = $data["userEditEmail"];
	$userAdmin = $data["userEditAdmin"];
	$query="UPDATE user SET first_name='$userFirstName',last_name='$userLastName',email='$userEmail',role_id='$userAdmin' WHERE id=$id";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
}

function editProfile($data){
	$id=$data["id"];
	$userProfilePassword = $data["userProfilePassword"];
	$userProfilePasswordConfirm = $data["userProfilePasswordConfirm"];
	if($userProfilePassword!=$userProfilePasswordConfirm){
		echo "Passwords does not match";
		header('HTTP/1.0 404 Not found');
		exit;
	}
	$userProfilePassword = encrypt($userProfilePassword);
	$query="UPDATE user SET password='$userProfilePassword' WHERE id=$id";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
	notifyNewPassword($userFirstName,$userLastName,$userEmail,decrypt($userProfilePassword));
}


function editPhaseName($data){
	$phaseId = $data["phaseId"];
	$newValue = $data["newValue"];
	$query="UPDATE phase SET name='$newValue' WHERE id=$phaseId";
	$result=executeQuery($query);
	if(!$result){
		header('HTTP/1.0 404 Not found');
		exit;
	}
}


function is_ajax() {
	return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
}


?>
